IBM WebSphere MQ 7.1 < / 7.5 < Multiple Vulnerabilities

This script is Copyright (C) 2014-2015 Tenable Network Security, Inc.

Synopsis :

The remote Windows host has a service installed that is affected by
multiple vulnerabilities.

Description :

The version of IBM WebSphere MQ server 7.1 / 7.5 installed on the
remote Windows host is missing fix pack / or later. It
is, therefore, affected by the following vulnerabilities :

- An information disclosure vulnerability exists due to a
failure to sanitize user-supplied input in the MQ
Telemetry component, resulting in path traversal outside
of a restricted path. A remote attacker can exploit
this, using a URI request, to view any file readable by
the 'mqm' user. (CVE-2013-4054)

- An unspecified information disclosure vulnerability
exists in IBM Java related to the Libraries component.
A remote attacker can exploit this to obtain sensitive
information. (CVE-2013-5780)

Note that the fix list for fix pack shows that several APARs
have a security or integrity exposure (IC93986, IC94287, IC94453,
IC94752, IC97555). It is not known whether any of these APARs
correspond with the information disclosure vulnerability in the
Telemetry component or to what extent they represent actual security

See also :

Solution :

Apply fix pack / or later.

Risk factor :

Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : false

Family: Windows

Nessus Plugin ID: 73103

Bugtraq ID: 65897

CVE ID: CVE-2013-4054
